Data theft and cyberattacks soar among German companies: Report

According to a report presented by BITKOM and the Federal Office for the Protection of the Constitution, over the past twelve months, 81 percent of German companies were affected by data and IT equipment theft, digital and analog industrial espionage, or sabotage.

The latest data illustrating the scale of this phenomenon were published in the report Wirtschaftsschutz 2024, prepared by Bitkom, the German Association for Information Technology, Telecommunications, and New Media.

According to Bitkom President Dr. Ralf Wintergerst, "the threat situation for the German economy is escalating. Companies must continue to increase protective measures. This applies to both digital attacks and traditional ones, such as eavesdropping on meetings or physical document theft."

Sinan Selen, Vice President of the Federal Office for the Protection of the Constitution (civil counterintelligence), assessed that "the attack vectors on the German economy have changed, and the intersection between cyber espionage and cybercrime has increased." In his view, "since adversaries are acting holistically, commercial enterprises and security agencies must also act holistically."

The losses incurred by German companies over the past twelve months due to espionage, sabotage, and theft were estimated at $282 billion CAD. By comparison, last year's losses amounted to $217 billion CAD, and in 2022, they were $213 billion CAD. Most attacks on German companies were carried out from China (45 percent), with the Russian Federation ranking second in this category (39 percent).

Felix Kuhlenkamp, BITKOM's security policy specialist, emphasized in response to a query from the FakeHunter service that the study did not ask about a direct causal link between the attacks and the war in Ukraine because "companies were not necessarily able to establish such a connection." However, citing last year's report by the association, Kuhlenkamp recalled that since the beginning of the war, Russia and China have increasingly become bases for attacks on the German economy. In 2023, 46 percent of affected companies could trace the attacks back to Russia, double that in 2021.

The expert emphasized that "although this year Russia was mentioned somewhat less frequently, the level of attacks remains significantly higher than in 2021. At the same time, classic 'analog' industrial espionage involving Russia has probably become more difficult due to the currently highly isolated economy of that country."

The most sought-after theft targets are communication data such as email correspondence (63 percent), customer data (62 percent), access data and passwords (35 percent), intellectual property including patents and research results (26 percent), financial data (19 percent), and employee data (16 percent).

As the most frequent examples of attacks that "occurred" and "probably occurred," 74 percent of surveyed companies indicated digital data theft, 70 percent digital sabotage of IT or production systems, and 60 percent interception of internal communications. 70 percent of attacks are the result of organized crime activities, with 20 percent originating from foreign agencies.

Analyzing the specific costs incurred due to attacks separately, companies reported that they paid the most for theft, downtime, or damage to IT and production systems ($57.6 billion CAD), while image damage and negative press resulted in losses of $21.4 billion CAD.

The report's authors also asked companies about their stance on artificial intelligence and potential concerns related to the use of AI. According to Felix Kuhlenkamp, "sure, there are spectacular isolated cases of deep fakes, but they currently do not play a significant role in damage in all cases." The expert notes that the situation may change, because "83 percent of companies believe that artificial intelligence exacerbates the threat situation for the German economy, and 70 percent believe that AI facilitates cyberattacks."

On the other hand, artificial intelligence can also be used to enhance cybersecurity, added the expert. According to the report, 61 percent of companies believe that the use of artificial intelligence can significantly improve IT security. Artificial intelligence can, for example, be used to quickly recognize phishing messages or to expose deepfakes.

For the study, a telephone survey was conducted among 1,003 companies employing at least 10 employees and achieving an annual turnover in Germany of at least $1.1 million CAD. The survey was conducted between week 16 and week 24 of 2024 and is representative.